WestJet says US passenger data exposed in cyber attack

Major Canadian airline WestJet has confirmed that some customer data was exposed in the cyber attack it suffered back in June.

Based in Calgary, Alberta, WestJet is the second-largest airline in Canada and the eighth-largest airline in North America.

Earlier this year, the airline said it was investigating a cyber incident alongside Transport Canada and law enforcement, which was later claimed by the Scattered Lapsus$ Spider hacking supergroup.

You’re out of free articles for this month

Username or Email

Password Forgot password?

Keep me signed in on this device.

First Name

Last Name

Mobile

Organisation Type

By becoming a member, I agree to receive information and promotional messages from Cyber Daily. I can opt out of these communications at any time. For more information, please visit our Privacy Statement.

Need help signing up? Visit the Help Centre.

“We are expediting efforts to safeguard sensitive data and personal information for both our guests and employees,” the company said.

Now, the company has revealed that the data of some of its US customers was exposed in the cyber attack.

While the airline said that the data did not include “sensitive” information in most instances, WestJet revealed that personal information such as names, contact information, data and documentation pertaining to flight bookings and travel and other data regarding the customers’ relationship with WestJet were exposed.

However, thanks to existing measures, data like credit and debit card numbers, expiry dates, CVV numbers, and user passwords were not stolen by the threat actor. Impacted customers are being contacted, according to the airline.

“If you received an email or letter notice about this incident directly from WestJet, that notice sets out the types of personal information about you that may have been involved in this incident and provides information on how to access identity theft protection services,” WestJet said on its FAQ page.

The company said that its work on containing the breach is complete but that its bolstering of cyber security principles is ongoing.

VIEW ALL

“Containment is complete, and some additional system and data security measures have been implemented,” the company said.

“However, analysis is ongoing, and WestJet will continue to take measures to further enhance its cyber security protocols.”

WestJet has also reassured customers that at no point was customer safety or the operation of its services impacted as a result of the cyber incident.

Daniel Croft

Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding for and experience writing in the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music, and spends his time playing in bands around Sydney.

You need to be a member to post comments. Become a member for free today!

newsletter

Be the first to hear the latest developments in the cyber industry.

WestJet says US passenger data exposed in cyber attack

Daniel Croft

OUR PLATFORMS AND BRANDS

EVENTS AND SUMMITS

PODCASTS

LEARNING AND EDUCATION

MOMENTUM MARKETS NETWORK

LINKS

STAY CONNECTED